Security of personal information in electronic communication is of importance. Internet banking, cloud services and e-commerce, for example, depend on reliable and secure methods to handle sensitive information and payments. Encryption, hash functions and standardized protocols are employed to reach these objectives in a way that users can trust and have faith in.
Personal devices may be furnished with mechanisms to protect against theft or unauthorized use. For example, a smartphone may comprise a fingerprint reader to facilitate use by the owner, and to hinder use by a thief. A fingerprint reader may also be used in a storage unit for storing medicaments, for example. A face or voice recognition system may be used for unlocking devices, doors or other electronically secured apparatuses.
A face recognition system may function by first obtaining a digital photograph of a user's face and then comparing it, using a suitable algorithm, to an acceptable reference face. A voice recognition system may function by first obtaining a digital recording of a user's voice and then comparing it, using a suitable algorithm, to an acceptable reference voice. In general, captured biometric data is compared to reference data, the reference data being derived from biometric measurement. In general, using a measured characteristic of a user in such a way may be referred to as biometrics.
A technical challenge in biometric identification is the opportunity for attack provided by storing the reference data of the legitimate user, and obtaining the biometric data for comparison with the reference data. For example, a malware program installed in a smartphone which employs a fingerprint sensor may transmit information characterizing the user's fingerprint to an attacker, with possible dangerous consequences.
Likewise, an attacker with physical access to the device may install hardware modifications thereon, to steal the reference data, or biometric data, as it is communicated inside of the device between components of the device.